on 10-15-2010 3:20 PM
Hi Team,
RFC connections GB_DPSRETRIEVE and GB_DPS which connects to govt gateway are not working from past 4 days these connections are failing with error ICM_HTTP_SSL_ERROR,we have not changed any thing from our side,we had similar issue in January 2010 where SAP has released note saying HMRC have renewed the existing Government Gateway Security Certificate for DPS which we have already renewed.Kindly let me know if some one had similar problem
Please find ICM trace details below:
[Thr 8] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-57): SSSLERR_SSL_CONNECT [icxxconn_mt.c 2012]
[Thr 12] Fri Oct 15 14:45:10 2010
[Thr 12] *** ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_SSL
[Thr 12] session uses PSE file "/usr/sap/XID/DVEBMGS95/sec/SAPSSLA.pse"
[Thr 12] SecudeSSL_SessionStart: SSL_connect() failed
secude_error 9 (0x00000009) = "the verification of the server's certificate chain failed"
[Thr 12] >> Begin of Secude-SSL Errorstack >>
[Thr 12] ERROR in ssl3_get_server_certificate: (9/0x0009) the verification of the server's certificate chain failed
ERROR in af_verify_Certificates: (24/0x0018) Chain of certificates is incomplete : "OU=Class 3 Public Primary Certification Auth
ERROR in get_path: (24/0x0018) Can't get path because the chain of certificates is incomplete
[Thr 12] << End of Secude-SSL Errorstack
[Thr 12] SSL_get_state() returned 0x00002131 "SSLv3 read server certificate B"
[Thr 12] SSL socket: local=10.196.66.25:57991 peer=10.196.3.3:8000
[Thr 12] <<- ERROR: SapSSLSessionStart(sssl_hdl=0x1068b6050)==SSSLERR_SSL_CONNECT
[Thr 12] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-57): SSSLERR_SSL_CONNECT [icxxconn_mt.c 2012]
[Thr 12] Fri Oct 15 14:48:35 2010
[Thr 12] *** ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_SSL
[Thr 12] session uses PSE file "/usr/sap/XID/DVEBMGS95/sec/SAPSSLA.pse"
[Thr 12] SecudeSSL_SessionStart: SSL_connect() failed
secude_error 9 (0x00000009) = "the verification of the server's certificate chain failed"
[Thr 12] >> Begin of Secude-SSL Errorstack >>
[Thr 12] ERROR in ssl3_get_server_certificate: (9/0x0009) the verification of the server's certificate chain failed
ERROR in af_verify_Certificates: (24/0x0018) Chain of certificates is incomplete : "OU=Class 3 Public Primary Certification Auth
ERROR in get_path: (24/0x0018) Can't get path because the chain of certificates is incomplete
[Thr 12] << End of Secude-SSL Errorstack
[Thr 12] SSL_get_state() returned 0x00002131 "SSLv3 read server certificate B"
[Thr 12] SSL socket: local=10.196.66.25:58180 peer=10.196.3.3:8000
[Thr 12] <<- ERROR: SapSSLSessionStart(sssl_hdl=0x1068b6050)==SSSLERR_SSL_CONNECT
[Thr 12] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-57): SSSLERR_SSL_CONNECT [icxxconn_mt.c 2012]
Thanks & Regards,
Sree
Hi Sreedhar,
This is the problem with the certificate, HMRC has provided a new link for DPS i.e in SM59, Target host should be updated to dps.ws.hmrc.gov.uk and check the SAP Note 1693957 for the new certificate to be installed into the PI system.
Note that dowload both the cetificate i.e the dps cetificate provided in the SAP Note and its immediate parent certificate. Its so happened in my case that only one certifcate did not work.
Regards,
Nitin Rao
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
In STRUST you must add CA certificates into SSL Client PSE as well.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Sreedhar,
This error related to your application SSL certificate. So contact your basis adminstrator and send error details to them.
Thank you very much.
Sateesh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Friends,
Thanks for your replies,I've found announcement on HMRC site about DPS issue.
Please find announcement details below:
New issues (updated 20 October)
Data Provisioning Service (DPS) u2013 P6 coding notices
We have temporarily suspended the issue of any new P6s into DPS due to a technical issue. We are investigating urgently and will restore normal service as soon as this has been rectified. HMRC apologises for any inconvenience this may cause.
Please update this message if you have heard any updates from HMRC.
Thanks & Regards,
Sree
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
The error you are experiencing is because of an incomplete installation of certificates in STRUST. To view a certificate properly, double-click on it and then go to the certification path tab. There you will see as to how many layers your end certificate have before reaching the rootCA. e.g If your certificate path looks like this:
RootCA
| _ _ IntermediateCA
| _ _ _ _ EndCertificate
Then you need to:
1. Extract the IntermediateCA and RootCA by viewing the certificate and copying (located under the details tab) them
2. Install both the RootCA and IntermediateCA in the STRUST
3, Perform an ICMRestart and then test the connection again
Hope this helps,
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
hi sree
HMRC are currently experiencing a problem with that particular site and i suspect when they fix that your connections will work again.
each particular "child" site in HMRC that serves a different purpose will request/require different SSL certificates.
therefore whilst DPS is broken, another server/site will process your certificate and reply that it is invalid whereas it is valid til 2011 and perfectly fine.
we have the same issue and SAP/HMRC have confirmed there is an internal issue with DPS
there are no new codes so don't worry
thanks
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
It looks a certificate issue from the error details
the verification of the server's certificate chain failed
ERROR in af_verify_Certificates: (24/0x0018) Chain of certificates is incomplete : "OU=Class 3 Public Primary Certification Auth
ERROR in get_path: (24/0x0018) Can't get path because the chain of certificates is incomplete
But also check the firewall at both end .
Regards,
Vishal
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
85 | |
23 | |
11 | |
9 | |
8 | |
5 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.